Troubleshooting Service Startup Problems Sometimes, you may encounter a service that can't start because of a logon failure.. Then, the next time you start the system, the following err
Trang 1Figure 13.14: In Windows XP and Windows Server 2003, the Uninstall button is
disabled when you select TC/IP protocol in the Local Area Connection Properties
window
What if you want to reset the TCP/IP stack by returning it to its state when the operating system originally was installed? In Windows XP and Windows Server 2003, you can't remove and then reinstall it However, there is a convenient way to work around this problem To do so, you must use the netsh (NetShell) utility, which provides a command-line interface for configuring and monitoring Windows XP or Windows Server 2003 networking
In Windows XP, netsh utility provides a reset command, which rewrites registry keys related to TCP/IP Consequently, you will get the same result as removing the TCP/IP stack and then reinstalling it
To reset TCP/IP settings in the registry, go to the command line (Start | Run, type cmd,
and press <Enter> then issue the following command:
netsh interface ip reset [log_file_name]
Instead of log_file_name, use the name of the log file where the action will be recorded
If you don't specify the full path to the log file, it will be created in the current directory
Trang 2The command will reset TCP/IP settings stored under the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\
HKLM\SYSTEM\CurrentControlSet\Services\DHCP\Parameters\
Note If a log file already exists, the new log will be appended to the end of existing file
In addition, the contents of the log file depend on the system configuration There may be times when no actions will be logged This usually happens if the TCP/IP registry settings have not been changed since the original Windows XP or Windows Server 2003 installation
Troubleshooting Service Startup Problems
Sometimes, you may encounter a service that can't start because of a logon failure If this happens, the system might display error messages Then, the next time you start the system, the following error messages may be in the system event log:
Source: Service Control Manager
Event ID: 7000
Description:
The %service% service failed to start due to the following error:
The service did not start due to a logon failure
No information in the Data field will be available
Source: Service Control Manager
Event ID: 7013
Description:
Logon attempt with current password failed with the following error:
Logon failure: unknown user name or bad password
No information in the Data field will be available (Fig 13.15)
Trang 3Figure 13.15: The Event Properties window displaying the error message on the service
startup failure because of logon failure
When you attempt to manually start the service, you will receive an error message
informing you that the service could not start because of logon problems This behavior can occur for any of the following reasons:
The account password the service uses to log on has been changed
The password data in the registry has been damaged
The right to log on as a service has been revoked for the specified user account
To resolve these issues, you can configure the service to use the built-in system account, change the password for the specified user account to match the current password for that user, or restore the user's right to log on as a service
If the right to log on as a service is revoked for the specified user account, you can restore this right The procedure is somewhat different for domain controllers and member
servers/client workstations If the problem takes place at the controller of an Active
Directory domain, proceed as follows:
1 Start the Active Director Users and Computers Microsoft Management Console (MMC) snap-in
2 Right-click the organizational unit (OU) in which the user right to log on as a
service was granted By default, this is in the Domain Controllers OU
Trang 43 Right-click the container, then click Properties
4 On the Group Policy tab, click Default Domain Controllers Policy, then click
Edit This starts Group Policy Object Editor
5 Expand the Computer Configuration object by clicking the plus sign (+) next to the policy object Under the Computer Configuration object, expand Windows Settings, then expand Security Settings
6 Expand Local Policies and click User Rights Assignment (Fig 13.16)
Figure 13.16: Restoring the right for the user account to log on as service
7 In the right pane, right-click Log on as a service (Fig 13.17)
Trang 5Figure 13.17: The Log on as service Properties dialog
8 Add the user to the policy and click OK
9 Quit Group Policy Object Editor, close Group Policy Properties, then close the
Active Directory Users and Computers MMC snap-in
If the problem arises at the member server or a standalone computer, take the following steps:
1 Start the Local Security Settings MMC snap-in
2 Expand Local Policies and click User Rights Assignment
3 In the right pane, right-click Log on as a service, then click Properties The Log
on as service Properties window will open
4 Add the user to the policy and click OK
Configuring Service Logon Information
To configure the password for the specified user account to match the current password for that user:
1 Start the Administrative Tools applet in Control Panel, then double-click the
Services icon
2 Right-click the appropriate service, then click Properties
3 The service properties window will open Go to the Log On tab (Fig 13.18), change the password, and click Apply
Trang 6Figure 13.18: The Log On tab of the service properties window
4 Go to the General tab (Fig 13.19), and click the Start button to restart the
service
Trang 7Figure 13.19: The General tab of the service properties window
If the service starts, you have successfully eliminated the problem In some situations, the service may not start with the specified user account In such a case, you may reconfigure the service to start up with the built-in system account
Configuring the Service to Start Up with the Built-in System Account
To configure the service to start up with the built-in system account:
1 Start the Administrative Tools applet in Control Panel, then double-click the
Services icon
2 Right-click the appropriate service, then select the Properties command from the
right-click menu
3 Go to the Log On tab (Fig 13.20), set the Local System Account radio button, and click Apply If the service needs to interact with the desktop, set the Allow service to interact with desktop checkbox (Task Scheduler is an example of a
built-in system service that requires interaction with the desktop.) Some third-party services, such as the F-Secure Authentication agent, also need to interact with the desktop However, as most services don't need this feature, typically you may leave this checkbox unselected
Trang 8Figure 13.20: Configuring the service to start up with the Local System account
4 Go to the General tab and click the Start button to restart the service
Using Registry Editor to Troubleshoot Service Startup Problems
If you are able to start the Services tool, you can use the procedures described above to troubleshoot service startup problems Sometimes, however, there may be situations when you are unable to use the Services administrative tool For example, the computer may hang when you start this tool, and the following message may be displayed:
The RPC Server is unavailable
It is logical to suppose that the Services tool would not start because of a logon failure with the Remote Procedure Call (RPC) or a dependent service Some services do not start until their dependent services have connected For example, the Alerter service depends
on the Workstation service (Fig 13.21) To view the dependencies for a specific service,
right-click the required service, select the Properties command from the context menu, and go to the Dependencies tab As you can see, the dependencies list for the RPC
service is quite long (Fig 13.22)
Trang 9Figure 13.21: The Alerter service depends on the Workstation service
Figure 13.22: The dependencies list for RPC service is quite long
Trang 10If a logon failure with the RPC service prevents you from starting the Services tool and using the safe method of configuring services, proceed as follows:
1 Start Registry Editor and locate the ObjectName value under the
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceName registry key
2 Modify that value entry by setting its value to localsystem (Fig 13.23), click OK, and quit Registry Editor
Figure 13.23: The ObjectName value under
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceName
3 Attempt to restart the service You may need to restart the computer for some services to restart properly
If you cannot start Registry Editor, you can modify the service account information by performing a parallel installation of the operating system
Disabling a Service or Driver that Prevents Windows from Booting
If you have managed to detect the service or device driver that prevents your system from booting, and if you have installed a parallel copy of the operating system that is bootable, you can try to eliminate the problem using the following procedures:
1 Boot into a parallel copy of the system and start Regedit.exe (Windows XP or Windows Server 2003) or Regedt32.exe (Windows NT or Windows 2000)
2 Go to the HKEY_LOCAL_MACHINE root key
3 Use the Load Hive command to open the following registry file in the original
Windows installation:
%SystemRoot%\System32\Config\System
Trang 11When prompted to assign a name for the hive, assign it a name other than System (for example, System1)
4 Go to the HKEY_LOCAL_MACHINE\SYSTEM1\Select registry key and note the value for Current:REG_DWORD (This selects which ControlSet00x to load when booting and is the one that needs modification.)
5 Perform the following steps to disable a service:
o Go to the following registry key:
HKEY_LOCAL_MACHINE\TEST\ControlSet00x\Services \<Name of suspected service>, where x is the value of Current: REG_DWORD
o Change the value of start:REG_DWORD to 0x4
Note As outlined in Chapter 6, valid startup options for the service include 0x2 (Automatic), 0x3 (Manual), and 0x4 (Disabled) Thus, by setting the Start value to 0x4, you disable the service
6 To disable a device driver, proceed as follows:
o Go to the
HKEY_LOCAL_MACHINE\SYSTEM1\ControlSet00x\Services\<Name
of suspect driver> where x is the value of Current:REG_DWORD
o Change the value of Start: REG_DWORD to 0x4
Note As shown in Chapter 6, valid startup options for device drivers include 0x0 (Boot), 0xl (System), 0x2 (Automatic), 0x3 (Manual), and 0x4 (Disabled)
7 After you have introduced all required modifications, unload the System 1 hive, quit Registry Editor, and try to reboot the original versions of Windows
NT/2000/XP or Windows Server 2003